From a98e95b941a14bc4856898ea93941683a9b0cf3a Mon Sep 17 00:00:00 2001 From: Michael Scire Date: Sun, 5 Apr 2020 19:05:15 -0700 Subject: [PATCH] hactool: fix compatbility with chinese gamecards --- hfs0.c | 2 +- hfs0.h | 1 + utils.c | 47 +++++++++++++++++++++++++++++++ utils.h | 2 ++ xci.c | 85 ++++++++++++++++++++++++++++++++++++++------------------- xci.h | 2 ++ 6 files changed, 110 insertions(+), 29 deletions(-) diff --git a/hfs0.c b/hfs0.c index 328c565..f9548b2 100644 --- a/hfs0.c +++ b/hfs0.c @@ -100,7 +100,7 @@ void hfs0_print(hfs0_ctx_t *ctx) { for (unsigned int i = 0; i < ctx->header->num_files; i++) { hfs0_file_entry_t *cur_file = hfs0_get_file_entry(ctx->header, i); if (ctx->tool_ctx->action & ACTION_VERIFY) { - validity_t hash_validity = check_memory_hash_table(ctx->file, cur_file->hash, ctx->offset + hfs0_get_header_size(ctx->header) + cur_file->offset, cur_file->hashed_size, cur_file->hashed_size, 0); + validity_t hash_validity = check_memory_hash_table_with_suffix(ctx->file, cur_file->hash, ctx->offset + hfs0_get_header_size(ctx->header) + cur_file->offset, cur_file->hashed_size, cur_file->hashed_size, ctx->hash_suffix, 0); printf("%s%s:/%-48s %012"PRIx64"-%012"PRIx64" (%s)\n", i == 0 ? " " : " ", ctx->name == NULL ? "hfs0" : ctx->name, hfs0_get_file_name(ctx->header, i), cur_file->offset, cur_file->offset + cur_file->size, GET_VALIDITY_STR(hash_validity)); } else { printf("%s%s:/%-48s %012"PRIx64"-%012"PRIx64"\n", i == 0 ? " " : " ", ctx->name == NULL ? "hfs0" : ctx->name, hfs0_get_file_name(ctx->header, i), cur_file->offset, cur_file->offset + cur_file->size); diff --git a/hfs0.h b/hfs0.h index 00716be..d3ecec7 100644 --- a/hfs0.h +++ b/hfs0.h @@ -30,6 +30,7 @@ typedef struct { hactool_ctx_t *tool_ctx; hfs0_header_t *header; const char *name; + const uint8_t *hash_suffix; } hfs0_ctx_t; static inline hfs0_file_entry_t *hfs0_get_file_entry(hfs0_header_t *hdr, uint32_t i) { diff --git a/utils.c b/utils.c index fc6a79b..3d40bbb 100644 --- a/utils.c +++ b/utils.c @@ -153,7 +153,54 @@ validity_t check_memory_hash_table(FILE *f_in, unsigned char *hash_table, uint64 free(block); return result; +} +validity_t check_memory_hash_table_with_suffix(FILE *f_in, unsigned char *hash_table, uint64_t data_ofs, uint64_t data_len, uint64_t block_size, const uint8_t *suffix, int full_block) { + if (block_size == 0) { + /* Block size of 0 is always invalid. */ + return VALIDITY_INVALID; + } + + unsigned char cur_hash[0x20]; + uint64_t read_size = block_size; + unsigned char *block = malloc(block_size); + if (block == NULL) { + fprintf(stderr, "Failed to allocate hash block!\n"); + exit(EXIT_FAILURE); + } + + validity_t result = VALIDITY_VALID; + unsigned char *cur_hash_table_entry = hash_table; + for (uint64_t ofs = 0; ofs < data_len; ofs += read_size) { + fseeko64(f_in, ofs + data_ofs, SEEK_SET); + if (ofs + read_size > data_len) { + /* Last block... */ + memset(block, 0, read_size); + read_size = data_len - ofs; + } + + if (fread(block, 1, read_size, f_in) != read_size) { + fprintf(stderr, "Failed to read file!\n"); + exit(EXIT_FAILURE); + } + { + sha_ctx_t *sha_ctx = new_sha_ctx(HASH_TYPE_SHA256, 0); + sha_update(sha_ctx, block, full_block ? block_size : read_size); + if (suffix) { + sha_update(sha_ctx, suffix, sizeof(*suffix)); + } + sha_get_hash(sha_ctx, cur_hash); + free_sha_ctx(sha_ctx); + } + if (memcmp(cur_hash, cur_hash_table_entry, 0x20) != 0) { + result = VALIDITY_INVALID; + break; + } + cur_hash_table_entry += 0x20; + } + free(block); + + return result; } validity_t check_file_hash_table(FILE *f_in, uint64_t hash_ofs, uint64_t data_ofs, uint64_t data_len, uint64_t block_size, int full_block) { diff --git a/utils.h b/utils.h index e44826f..3567d07 100644 --- a/utils.h +++ b/utils.h @@ -47,6 +47,8 @@ FILE *open_key_file(const char *prefix); validity_t check_memory_hash_table(FILE *f_in, unsigned char *hash_table, uint64_t data_ofs, uint64_t data_len, uint64_t block_size, int full_block); validity_t check_file_hash_table(FILE *f_in, uint64_t hash_ofs, uint64_t data_ofs, uint64_t data_len, uint64_t block_size, int full_block); +validity_t check_memory_hash_table_with_suffix(FILE *f_in, unsigned char *hash_table, uint64_t data_ofs, uint64_t data_len, uint64_t block_size, const uint8_t *suffix, int full_block); + #ifdef _MSC_VER inline int fseeko64(FILE *__stream, long long __off, int __whence) { diff --git a/xci.c b/xci.c index ab257a4..6532576 100644 --- a/xci.c +++ b/xci.c @@ -45,10 +45,47 @@ void xci_process(xci_ctx_t *ctx) { } } - ctx->hfs0_hash_validity = check_memory_hash_table(ctx->file, ctx->header.hfs0_header_hash, ctx->header.hfs0_offset, ctx->header.hfs0_header_size, ctx->header.hfs0_header_size, 0); - if (ctx->hfs0_hash_validity != VALIDITY_VALID) { - fprintf(stderr, "Error: XCI partition is corrupt!\n"); - exit(EXIT_FAILURE); + for (unsigned int i = 0; i < 0x10; i++) { + ctx->iv[i] = ctx->header.reversed_iv[0xF-i]; + } + + + // try to decrypt header data + unsigned char null_key[0x10]; + memset(null_key, 0x00, 0x10); + // test if the xci header key is set + if (memcmp(ctx->tool_ctx->settings.keyset.xci_header_key, null_key, 0x10) != 0) { + aes_ctx_t *aes_ctx = new_aes_ctx(ctx->tool_ctx->settings.keyset.xci_header_key, 0x10, AES_MODE_CBC); + aes_setiv(aes_ctx, ctx->iv, 0x10); + + aes_decrypt(aes_ctx, ctx->decrypted_header, ctx->header.encrypted_data, 0x70); + + ctx->has_decrypted_header = 1; + } else { + ctx->has_decrypted_header = 0; + } + + const uint8_t *compatiblity_type_ptr = NULL; + ctx->has_fake_compat_type = 0; + ctx->fake_compat_type = COMPAT_GLOBAL; + if (ctx->has_decrypted_header) { + xci_gamecard_info_t *gc_info = (xci_gamecard_info_t*)(ctx->decrypted_header + 0x10); + if (gc_info->compatibility_type != 0) { + compatiblity_type_ptr = &gc_info->compatibility_type; + } + ctx->hfs0_hash_validity = check_memory_hash_table_with_suffix(ctx->file, ctx->header.hfs0_header_hash, ctx->header.hfs0_offset, ctx->header.hfs0_header_size, ctx->header.hfs0_header_size, compatiblity_type_ptr, 0); + } else { + ctx->hfs0_hash_validity = check_memory_hash_table_with_suffix(ctx->file, ctx->header.hfs0_header_hash, ctx->header.hfs0_offset, ctx->header.hfs0_header_size, ctx->header.hfs0_header_size, compatiblity_type_ptr, 0); + if (ctx->hfs0_hash_validity != VALIDITY_VALID) { + ctx->has_fake_compat_type = 1; + ctx->fake_compat_type = COMPAT_CHINA; + compatiblity_type_ptr = &ctx->fake_compat_type; + ctx->hfs0_hash_validity = check_memory_hash_table_with_suffix(ctx->file, ctx->header.hfs0_header_hash, ctx->header.hfs0_offset, ctx->header.hfs0_header_size, ctx->header.hfs0_header_size, compatiblity_type_ptr, 0); + } + if (ctx->hfs0_hash_validity != VALIDITY_VALID) { + fprintf(stderr, "Error: XCI partition is corrupt!\n"); + exit(EXIT_FAILURE); + } } hactool_ctx_t blank_ctx; @@ -90,28 +127,10 @@ void xci_process(xci_ctx_t *ctx) { cur_ctx->offset = ctx->partition_ctx.offset + hfs0_get_header_size(ctx->partition_ctx.header) + cur_file->offset; cur_ctx->tool_ctx = &blank_ctx; cur_ctx->file = ctx->file; + cur_ctx->hash_suffix = compatiblity_type_ptr; hfs0_process(cur_ctx); } - for (unsigned int i = 0; i < 0x10; i++) { - ctx->iv[i] = ctx->header.reversed_iv[0xF-i]; - } - - // try to decrypt header data - unsigned char null_key[0x10]; - memset(null_key, 0x00, 0x10); - // test if the xci header key is set - if (memcmp(ctx->tool_ctx->settings.keyset.xci_header_key, null_key, 0x10) != 0) { - aes_ctx_t *aes_ctx = new_aes_ctx(ctx->tool_ctx->settings.keyset.xci_header_key, 0x10, AES_MODE_CBC); - aes_setiv(aes_ctx, ctx->iv, 0x10); - - aes_decrypt(aes_ctx, ctx->decrypted_header, ctx->header.encrypted_data, 0x70); - - ctx->has_decrypted_header = 1; - } else { - ctx->has_decrypted_header = 0; - } - if (ctx->tool_ctx->action & ACTION_INFO) { xci_print(ctx); @@ -236,8 +255,8 @@ static const char *xci_get_access_control_type(xci_gamecard_info_t *gc_info) { } } -static const char *xci_get_region_compatibility_type(xci_gamecard_info_t *gc_info) { - xci_region_compatibility_t compatibility_type = (xci_region_compatibility_t)gc_info->compatibility_type; +static const char *xci_get_region_compatibility_type_name(uint8_t _type) { + xci_region_compatibility_t compatibility_type = (xci_region_compatibility_t)_type; switch (compatibility_type) { case COMPAT_GLOBAL: return "Global"; case COMPAT_CHINA: return "China"; @@ -246,6 +265,10 @@ static const char *xci_get_region_compatibility_type(xci_gamecard_info_t *gc_inf } } +static const char *xci_get_region_compatibility_type(xci_gamecard_info_t *gc_info) { + return xci_get_region_compatibility_type_name(gc_info->compatibility_type); +} + static void xci_print_hfs0(hfs0_ctx_t *ctx) { print_magic(" Magic: ", ctx->header->magic); printf(" Offset: %012"PRIx64"\n", ctx->offset); @@ -256,7 +279,7 @@ static void xci_print_hfs0(hfs0_ctx_t *ctx) { for (unsigned int i = 0; i < ctx->header->num_files; i++) { hfs0_file_entry_t *cur_file = hfs0_get_file_entry(ctx->header, i); if (ctx->tool_ctx->action & ACTION_VERIFY) { - validity_t hash_validity = check_memory_hash_table(ctx->file, cur_file->hash, ctx->offset + hfs0_get_header_size(ctx->header) + cur_file->offset, cur_file->hashed_size, cur_file->hashed_size, 0); + validity_t hash_validity = check_memory_hash_table_with_suffix(ctx->file, cur_file->hash, ctx->offset + hfs0_get_header_size(ctx->header) + cur_file->offset, cur_file->hashed_size, cur_file->hashed_size, ctx->hash_suffix, 0); printf("%s%s:/%-48s %012"PRIx64"-%012"PRIx64" (%s)\n", i == 0 ? " " : " ", ctx->name == NULL ? "hfs0" : ctx->name, hfs0_get_file_name(ctx->header, i), cur_file->offset, cur_file->offset + cur_file->size, GET_VALIDITY_STR(hash_validity)); } else { printf("%s%s:/%-48s %012"PRIx64"-%012"PRIx64"\n", i == 0 ? " " : " ", ctx->name == NULL ? "hfs0" : ctx->name, hfs0_get_file_name(ctx->header, i), cur_file->offset, cur_file->offset + cur_file->size); @@ -284,6 +307,12 @@ void xci_print(xci_ctx_t *ctx) { memdump(stdout, "Header IV: ", ctx->iv, 0x10); memdump(stdout, "Encrypted Header: ", ctx->header.encrypted_data, 0x70); + + if (ctx->has_fake_compat_type || !ctx->has_decrypted_header) { + printf("Encrypted Header Data:\n"); + printf(" Compatibility Type: %s\n", xci_get_region_compatibility_type_name(ctx->fake_compat_type)); + } + if (ctx->has_decrypted_header) { xci_gamecard_info_t *gc_info = (xci_gamecard_info_t*)(ctx->decrypted_header + 0x10); printf("Encrypted Header Data:\n"); @@ -303,9 +332,9 @@ void xci_print(xci_ctx_t *ctx) { ver[3] = (gc_info->cup_version & 0xffff); printf(" CUP Version v%d.%d.%d-%d\n", ver[0], ver[1], ver[2], ver[3]); - printf(" Compatibility Type %s\n", xci_get_region_compatibility_type(gc_info)); //%02"PRIx8"\n", gc_info->compatibility_type); + printf(" Compatibility Type: %s\n", xci_get_region_compatibility_type(gc_info)); //%02"PRIx8"\n", gc_info->compatibility_type); memdump(stdout, " Update Hash ", gc_info->update_partition_hash, 8); - printf(" CUP TitleId %016"PRIx64"\n", gc_info->cup_title_id); + printf(" CUP TitleId: %016"PRIx64"\n", gc_info->cup_title_id); } if (ctx->tool_ctx->action & ACTION_VERIFY) { diff --git a/xci.h b/xci.h index 74b70b6..1f4768d 100644 --- a/xci.h +++ b/xci.h @@ -89,6 +89,8 @@ typedef struct { int has_decrypted_header; unsigned char decrypted_header[0x70]; xci_header_t header; + int has_fake_compat_type; + uint8_t fake_compat_type; } xci_ctx_t; void xci_process(xci_ctx_t *ctx);